Client for NFS in Windows 8

Client for NFS in Windows 8

Now that it's been RTM'ed - it's time you should know what's new with NFS components in Windows 8 and I would like to start with Client for NFS.

While there are significant changes with respect to Server for NFS component in Windows 8, Client for NFS seems to have escaped unchanged UI-wise. Not entirely really - it now support krb5p flavor of Kerberos authentication in addition to krb5/krb5i support that was introduced in Windows 7.

The krb5p flavor adds privacy protection to the NFS packets on the wire and only downside that I see is that it adds the heaviest performance overhead compared to krb5 and krb5i flavors. Nevertheless, if security is paramount and you have the infrastructure to support it - you can use it as soon as you start deploying Windows 8.

Here's what those flavors really do to protect NFS communication between Windows NFS clients and NFS server -

  • Krb5 - uses the Kerberos Krb5 to authenticate users before granting access to the shared file system
  • Krb5i - uses Kerberos version 5 protocol to authenticate with integrity checking (checksums), which verifies that the data has not been tampered with
  • Krb5p - uses Kerberos version 5 protocol, which authenticates NFS traffic with encryption for privacy

I'll add the necessary non-client side configuration required to use these option later (hopefully). 

The next major change that you will see with Client for NFS in Windows 8 is support for larger block sizes - in fact, it has been bumped up all the way to 1024KB from 32KB in Windows 7 and earlier. This will hopefully add to the NFS client performance and you should see better throughput when using Windows 8 as NFS client.

The default read/write buffer size has been set to 1024KB and the only way to change it is via the nfsadmin command. However, this shouldn't be required at all since the NFS server does communicate the buffer size it supports to the client when the mount is happening and the client uses that same buffer size to communicate with the server going forward.